12 Replies - 1322 Views - Last Post: 21 March 2010 - 05:12 PM

#1 ShaneK

MySQL + Java?

Posted 26 January 2010 - 09:36 PM

Just wondering if it's safe to connect to my database and run queries through Java (standalone applications) or if I'd be in danger of forfeiting my database to hackers...

Anyone know? :P

Yours,
Shane~

Replies To: MySQL + Java?

#2 Programmist

Re: MySQL + Java?

Posted 29 January 2010 - 05:55 AM

Secure against SQL injection and you should be fine.

#3 alpha02

Re: MySQL + Java?

Posted 31 January 2010 - 06:18 PM

Learn about prepared statements (the PreparedStatement class) in Java and you will be safe. I use MySQL with Java and I haven't encountered any problem till now.

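Added example (not part of any post in this thread): the prepared-statement advice from posts #2 and #3, shown as string concatenation beside the PreparedStatement form, plus the allow-list needed for the parts of a query that placeholders cannot cover. The table high_scores and its columns player and score are hypothetical names.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class PlayerScores {

    // BEFORE (vulnerable): the player name becomes part of the SQL text,
    // so a quote character in it changes the structure of the statement.
    static String concatenatedSql(String player) {
        return "SELECT score FROM high_scores WHERE player = '" + player + "'";
    }

    // AFTER: the SQL text is a constant; the name is bound to the ? marker
    // and is only ever treated as a string value, never as SQL syntax.
    static int bestScore(Connection conn, String player) throws SQLException {
        String sql = "SELECT MAX(score) FROM high_scores WHERE player = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, player);
            try (ResultSet rs = ps.executeQuery()) {
                // MAX() over no rows yields NULL, which getInt reports as 0
                return rs.next() ? rs.getInt(1) : 0;
            }
        }
    }

    // Placeholders cover values only. Identifiers such as a sort column
    // must be picked from a fixed allow-list, never copied from input.
    static String orderByClause(String requested) {
        switch (requested) {
            case "player": return " ORDER BY player";
            case "score":  return " ORDER BY score DESC";
            default: throw new IllegalArgumentException("unsupported sort key");
        }
    }

    public static void main(String[] args) {
        String input = "x' OR '1'='1"; // constructed sample input
        // Shows how the input rewrites the WHERE clause when concatenated
        System.out.println(concatenatedSql(input));
        System.out.println(orderByClause("score"));
    }
}
```

bestScore needs an open java.sql.Connection, so main only exercises the parts that run without a database.
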
#4 NeoTifa

Re: MySQL + Java?

Posted 01 February 2010 - 11:27 AM

No, in fact, if you do, the aliens that inhabit Uranus will come and anal probe you until you turn gay (if you aren't already).

#5 ShaneK

Re: MySQL + Java?

Posted 06 February 2010 - 09:54 AM

NeoTifa, on 01 February 2010 - 11:27 AM, said:

No, in fact, if you do, the aliens that inhabit Uranus will come and anal probe you until you turn gay (if you aren't already).


Zomg I shall nefa use teh MySQL agen!


Eh, on a more serious note, I was talking about standalone programs and something like packet sniffing. I figured maybe if you used a packet sniffer then you could see and modify the data being sent to/from the database...

Yours,
Shane~

#6 pbl

Re: MySQL + Java?

Posted 01 March 2010 - 08:33 PM

NeoTifa, on 01 February 2010 - 12:27 PM, said:

No, in fact, if you do, the aliens that inhabit Uranus will come and anal probe you until you turn gay (if you aren't already).

Lol !!! :bigsmile:

#7 depricated

Re: MySQL + Java?

Posted 16 March 2010 - 08:44 PM

ShaneK, on 06 February 2010 - 08:54 AM, said:

NeoTifa, on 01 February 2010 - 11:27 AM, said:

No, in fact, if you do, the aliens that inhabit Uranus will come and anal probe you until you turn gay (if you aren't already).


Zomg I shall nefa use teh MySQL agen!


Eh, on a more serious note, I was talking about standalone programs and something like packet sniffing. I figured maybe if you used a packet sniffer then you could see and modify the data being sent to/from the database...

Yours,
Shane~

Well, information sent to and from a database is going to be visible at some level. Have you thought of using a proxy perhaps? Prepared statements work well enough for most purposes, but if you're particularly worried about the commands being edited while en route, you could obfuscate the commands behind a proxy and only feed the proxy function names and raw data. Maybe I'm overthinking it though, you should be fine with prepared statements. Just make sure any sensitive information is encrypted I suppose.

#8 SwiftStriker00

Re: MySQL + Java?

Posted 18 March 2010 - 06:49 AM

Hash passwords before you send them (you really shouldn't be storing clear text passwords anyway).
You can also do some obscuration to your code, and/or encrypt it too.

#9 m-e-g-a-z

Re: MySQL + Java?

Posted 18 March 2010 - 05:50 PM

@SwiftStriker00

Yep, you're right, having code that has been obfuscated is the way to go, but I recently read a paper regarding software out there in the black market getting around some obfuscation techniques to manipulate source code. There is software out there that can simply decompile your jar file into source code and can retrieve your password and username if you set it into the code.

#10 depricated

Re: MySQL + Java?

Posted 19 March 2010 - 01:06 AM

m-e-g-a-z, on 18 March 2010 - 04:50 PM, said:

@SwiftStriker00

Yep, you're right, having code that has been obfuscated is the way to go, but I recently read a paper regarding software out there in the black market getting around some obfuscation techniques to manipulate source code. There is software out there that can simply decompile your jar file into source code and can retrieve your password and username if you set it into the code.

In some cases you can do that with a simple hex editor. The database access information should always be input, never saved. Plus, when you think about it, it makes the code a little more reusable also.

Check out the program attached for an example of keeping the information out of the program.


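Added example (not part of the thread, and not the attachment mentioned in post #10): one way to keep database credentials out of the jar by prompting for them at run time, combined with a TLS-verified connection so the traffic raised in posts #5 and #7 cannot be read or altered in transit. It assumes MySQL Connector/J 8.0.13 or later on the classpath and a server certificate the JVM trusts; host and database name are taken from the command line.

```java
import java.io.Console;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.util.Arrays;
import java.util.Properties;

public class SecureConnect {

    // Settings that contain no secrets. sslMode is a Connector/J property
    // (8.0.13+); VERIFY_IDENTITY requires TLS and checks both the server
    // certificate chain and that the certificate matches the host name.
    static Properties baseProperties() {
        Properties p = new Properties();
        p.setProperty("sslMode", "VERIFY_IDENTITY");
        return p;
    }

    static Connection connect(String host, String database) throws SQLException {
        Console console = System.console();
        if (console == null) {
            throw new IllegalStateException("no interactive console for credentials");
        }
        String user = console.readLine("DB user: ");
        char[] password = console.readPassword("DB password: "); // not echoed
        try {
            Properties p = baseProperties();
            p.setProperty("user", user);
            p.setProperty("password", new String(password));
            String url = "jdbc:mysql://" + host + ":3306/" + database;
            return DriverManager.getConnection(url, p);
        } finally {
            // Wipes the typed char[]; the String handed to the driver
            // stays in memory until it is garbage collected.
            Arrays.fill(password, '\0');
        }
    }

    public static void main(String[] args) throws SQLException {
        if (args.length != 2) {
            System.out.println("usage: SecureConnect <host> <database>");
            System.out.println("fixed properties: " + baseProperties());
            return;
        }
        try (Connection conn = connect(args[0], args[1])) {
            System.out.println("connected: " + conn.isValid(5));
        }
    }
}
```
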
#11 m-e-g-a-z

Re: MySQL + Java?

Posted 19 March 2010 - 06:47 AM

@depricated

What if you have created a game, which I have done in the past, and connected it to a database to store the highest scores? The user wouldn't be able to type the database name and password. You would want that information to be kept private, wouldn't you? I have used the approach of inputting the database username and password in the application but it is only a good approach if you are using it or the people using it are allowed access to the username and password.

#12 depricated

Re: MySQL + Java?

Posted 20 March 2010 - 07:53 AM

m-e-g-a-z, on 19 March 2010 - 05:47 AM, said:

@depricated

What if you have created a game, which I have done in the past, and connected it to a database to store the highest scores? The user wouldn't be able to type the database name and password. You would want that information to be kept private, wouldn't you? I have used the approach of inputting the database username and password in the application but it is only a good approach if you are using it or the people using it are allowed access to the username and password.


What you might do is submit the information to a PHP script. You can, from the PHP Script, call a protected file in the same directory that stores those variables. Just CHMOD the settings file to 400. I know this isn't the PHP forum but it's still relative to the discussion. It would look a little something like this:

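config803741956893830143654s-sdqer.php (obscure the file name so it can't be guessed, and chmod to 400)
<?php
// Connection settings, kept in a file that only its owner can read
$dbhost = 'www.example.com';
$dbname = 'nameOfDatabase';
$dbuser = 'writeCapableUser';
$dbpass = 'aboveUserPassword';
?>


submit.php
<?php
// Load the connection settings from the protected file
require("config803741956893830143654s-sdqer.php");
// mysqli is used because the mysql_* functions were removed in PHP 7
$conn = mysqli_connect($dbhost, $dbuser, $dbpass, $dbname) or die('Error connecting to mysql');
// Placeholder: the statement that stores the high score goes here
mysqli_query($conn, "relevant mysql string to submit high score");
mysqli_close($conn);
?>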



This will let your config file and the important variables be obscured and inaccessible to anything except the script. I can't recall exactly how to submit to a page, but it should also save you from having to manage the connector/j driver, which can be a little problematic to distribute in my experience.

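Added example (not part of the thread): the Java side of the arrangement in post #12, where the client posts the score to submit.php over HTTPS and never holds database credentials. The form field names player and score are assumptions, as is the endpoint URL passed on the command line; because any client can send any request, the script still has to validate both fields and bind them as parameters. Requires Java 11 or later.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.time.Duration;

public class ScoreSubmitter {

    // Form-encode the fields so names containing & or = stay intact.
    static String formBody(String player, int score) {
        return "player=" + URLEncoder.encode(player, StandardCharsets.UTF_8)
             + "&score=" + score;
    }

    static HttpRequest buildRequest(URI endpoint, String player, int score) {
        // Plain HTTP would expose the submission to the packet sniffing
        // raised earlier in the thread, so refuse anything but https.
        if (!"https".equalsIgnoreCase(endpoint.getScheme())) {
            throw new IllegalArgumentException("endpoint must use https");
        }
        return HttpRequest.newBuilder(endpoint)
                .timeout(Duration.ofSeconds(10))
                .header("Content-Type", "application/x-www-form-urlencoded")
                .POST(HttpRequest.BodyPublishers.ofString(formBody(player, score)))
                .build();
    }

    // Sends the score and returns the HTTP status code from the script.
    static int submit(URI endpoint, String player, int score) throws Exception {
        HttpClient client = HttpClient.newHttpClient();
        HttpResponse<String> resp = client.send(
                buildRequest(endpoint, player, score),
                HttpResponse.BodyHandlers.ofString());
        return resp.statusCode();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values
        System.out.println(formBody("A&B=player", 1200));
        if (args.length == 1) { // e.g. https://www.example.com/submit.php
            int status = submit(URI.create(args[0]), "player1", 1200);
            System.out.println("HTTP " + status);
        }
    }
}
```
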
#13 macosxnerd101

Re: MySQL + Java?

Posted 21 March 2010 - 05:12 PM

Because PHP is an interpreted web-based language, anyone who can hack into the server can see the PHP code, and therefore connect to the database. Whereas with Java, it is a compiled language, so it will be harder to get to the source code. Honestly, DBC in Java is not much more secure against the same attacks as most other languages. You still have to secure against injections, encrypt your data, etc. As long as you take precautions like the ones I listed above, you should be fine to connect to SQL engine using Java.